a370035b0902a23f06e8cd6b497d5b8e0cef700db2944bfc36d58cc846755802

Sharing

Copy URL Twitter E-mail

General

Target

a370035b0902a23f06e8cd6b497d5b8e0cef700db2944bfc36d58cc846755802
Size

641KB
MD5

4fd213a172e70946c2c9f0c6c51c52a3
SHA1

f9bcfc950ed802aa96eea431b7bbd133fc78dd86
SHA256

a370035b0902a23f06e8cd6b497d5b8e0cef700db2944bfc36d58cc846755802
SHA512

c059b07b1fbee2a2a3048a927f71a691724a10608d0e5d89a26c9f4689ca53f517e78be63101d8f83d8160481cb375de64ddd0fc8e57229ef99a2f80a49aba70
SSDEEP

12288:IDRhZ4TG/LN6EI2aINl81fePNRY32tIPwVGYXr:cRhZ4T2BaXINRoSIPPg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a370035b0902a23f06e8cd6b497d5b8e0cef700db2944bfc36d58cc846755802

Files

a370035b0902a23f06e8cd6b497d5b8e0cef700db2944bfc36d58cc846755802
.exe windows:5 windows x86 arch:x86

530e12c45c04fefba6d2e654537f6a20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\ad_demo\UTPS_V200R003_C45_Branch\bin\win\release\eap\wifimansvc.pdb

Imports

ws2_32

WSAEventSelect
WSAGetLastError
WSACreateEvent
WSAEnumNetworkEvents
htons
inet_ntoa
WSAStartup
WSACleanup
WSACloseEvent

winscard

g_rgSCardT0Pci
SCardTransmit
SCardDisconnect
SCardReleaseContext
SCardEstablishContext
SCardListReadersA
SCardEndTransaction
SCardBeginTransaction
SCardConnectA
g_rgSCardT1Pci

packet

PacketRequest
PacketOpenAdapter
PacketGetAdapterNames
PacketGetVersion
PacketCloseAdapter

wpcap

pcap_freealldevs
pcap_close
pcap_dispatch
pcap_findalldevs
pcap_freecode
pcap_setfilter
pcap_geterr
pcap_compile
pcap_open_live
pcap_lookupnet
pcap_breakloop
pcap_sendpacket

advapi32

CryptGenRandom
CryptReleaseContext
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
ChangeServiceConfig2A
StartServiceCtrlDispatcherA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegDeleteKeyA
RegEnumKeyExA
RegQueryValueExA
RegEnumValueA
RegOpenKeyExA
RegCloseKey
CryptAcquireContextA

ole32

StringFromGUID2
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoInitialize
CoUninitialize

oleaut32

VariantInit
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
VariantClear
SysAllocString
SysFreeString

kernel32

SetFilePointer
GetTimeZoneInformation
RtlUnwind
IsValidCodePage
GetOEMCP
GetACP
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
GetCurrentProcess
TerminateProcess
VirtualAlloc
GetCurrentProcessId
GetTickCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
SetStdHandle
HeapSize
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
GetCPInfo
WaitForSingleObject
QueryPerformanceCounter
VirtualFree
HeapCreate
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
DeleteCriticalSection
GetStartupInfoA
GetLastError
SetEvent
CloseHandle
ConnectNamedPipe
CreateNamedPipeA
CreateEventA
GetOverlappedResult
ResetEvent
PeekNamedPipe
ReadFileEx
WriteFileEx
ReadFile
WriteFile
LocalFree
SetEnvironmentVariableA
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
GetVersion
MultiByteToWideChar
DeviceIoControl
CreateFileA
WideCharToMultiByte
SetConsoleCtrlHandler
WaitForMultipleObjects
WaitForMultipleObjectsEx
CreateThread
ExitThread
TerminateThread
GetPrivateProfileStringA
GetModuleFileNameA
Sleep
CreatePipe
GetSystemTimeAsFileTime
GetCommandLineA
HeapAlloc
HeapFree
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleW
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType

Sections

.text
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

530e12c45c04fefba6d2e654537f6a20

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

winscard

packet

wpcap

advapi32

ole32

oleaut32

kernel32

Sections

.text Size: 444KB - Virtual size: 443KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 109KB - Virtual size: 117KB

.rsrc Size: 512B - Virtual size: 436B

.rmnet Size: 56KB - Virtual size: 60KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 444KB - Virtual size: 443KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 109KB - Virtual size: 117KB

.rsrc
Size: 512B - Virtual size: 436B

.rmnet
Size: 56KB - Virtual size: 60KB

.rmnet
Size: 56KB - Virtual size: 60KB